From 88c9ce7e6a54e888903fc456248b7dc5eb865d3e Mon Sep 17 00:00:00 2001 From: yeshanshan Date: Mon, 5 Jan 2026 17:28:25 +0800 Subject: [PATCH 1/2] fix: add DTK preference override configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. Added installation of override configuration files in debian/dde- shell.install 2. Updated CMakeLists.txt to install DTK preference override configuration 3. Created new override file shell/overrides/ org.deepin.dtk.preference.json 4. The override file defines themeType configuration with proper metadata including Chinese translations Log: Added DTK preference override configuration for theme type settings Influence: 1. Verify that the override configuration file is properly installed to /usr/share/dsg/configs/overrides/org.deepin.dde.shell/ 2. Test that theme type configuration is available through DTK configuration system 3. Check that the themeType setting can be read and written correctly 4. Verify Chinese translations for configuration name and description 5. Ensure the configuration has proper permissions (readwrite) and visibility (public) 6. Test that the override doesn't break existing configuration loading fix: 添加DTK偏好设置覆盖配置 1. 在debian/dde-shell.install中添加覆盖配置文件的安装 2. 更新CMakeLists.txt以安装DTK偏好设置覆盖配置 3. 创建新的覆盖文件shell/overrides/org.deepin.dtk.preference.json 4. 覆盖文件定义了themeType配置,包含完整元数据和中文翻译 Log: 添加了主题类型设置的DTK偏好设置覆盖配置 Influence: 1. 验证覆盖配置文件是否正确安装到/usr/share/dsg/configs/overrides/ org.deepin.dde.shell/ 2. 测试主题类型配置是否可通过DTK配置系统访问 3. 检查themeType设置能否正确读写 4. 验证配置名称和描述的中文翻译 5. 确保配置具有正确的权限(读写)和可见性(公开) 6. 测试覆盖配置不会破坏现有的配置加载 PMS: BUG-345091 --- debian/dde-shell.install | 1 + shell/CMakeLists.txt | 1 + shell/overrides/org.deepin.dtk.preference.json | 17 +++++++++++++++++ 3 files changed, 19 insertions(+) create mode 100644 shell/overrides/org.deepin.dtk.preference.json diff --git a/debian/dde-shell.install b/debian/dde-shell.install index 9f7ee0f40..87dfdcde5 100644 --- a/debian/dde-shell.install +++ b/debian/dde-shell.install @@ -24,6 +24,7 @@ usr/share/dde-shell/org.deepin.ds.notification*/ usr/share/dde-shell/org.deepin.ds.notificationcenter*/ usr/share/dde-shell/org.deepin.ds.osd*/ usr/share/dsg/configs/org.deepin.dde.shell/org.deepin.dde.shell.json +usr/share/dsg/configs/overrides/org.deepin.dde.shell/* usr/share/dsg/configs/org.deepin.dde.shell/org.deepin.dde.shell.notification.json usr/share/dsg/configs/org.deepin.dde.shell/org.deepin.ds.dde-apps.json usr/share/dsg/configs/org.deepin.dde.shell/org.deepin.ds.dock.json diff --git a/shell/CMakeLists.txt b/shell/CMakeLists.txt index 46bb8a4cc..cb8e3cdd4 100644 --- a/shell/CMakeLists.txt +++ b/shell/CMakeLists.txt @@ -65,3 +65,4 @@ install(TARGETS dde-shell DESTINATION ${CMAKE_INSTALL_PREFIX}/bin) install(FILES ${CMAKE_CURRENT_BINARY_DIR}/dde-shell@.service DESTINATION ${SYSTEMD_USER_UNIT_DIR}) install(FILES ${CMAKE_CURRENT_BINARY_DIR}/dde-shell-plugin@.service DESTINATION ${SYSTEMD_USER_UNIT_DIR}) dtk_add_config_meta_files(APPID org.deepin.dde.shell FILES org.deepin.dde.shell.json) +dtk_add_config_override_files(APPID org.deepin.dde.shell META_NAME org.deepin.dtk.preference FILES overrides/org.deepin.dtk.preference.json) diff --git a/shell/overrides/org.deepin.dtk.preference.json b/shell/overrides/org.deepin.dtk.preference.json new file mode 100644 index 000000000..2a58d6427 --- /dev/null +++ b/shell/overrides/org.deepin.dtk.preference.json @@ -0,0 +1,17 @@ +{ + "magic": "dsg.config.override", + "version": "1.0", + "contents": { + "themeType": { + "value": 0, + "serial": 1, + "flags": [], + "name": "The application theme type", + "name[zh_CN]": "应用主题的颜色", + "description": "The application theme type, which can be set to follow the system theme (0), light theme (1), dark theme (2)", + "description[zh_CN]": "应用主题的颜色,可以设置为跟随系统(0)、浅色(1)、 深色(2),默认为跟随系统", + "permissions": "readwrite", + "visibility": "public" + } + } +} From ce0c2fd18b3a7a156ee3971402c3c8635784b668 Mon Sep 17 00:00:00 2001 From: zhaoyingzhen Date: Mon, 5 Jan 2026 17:57:55 +0800 Subject: [PATCH 2/2] fix: add command whitelist validation for notification actions Add safeCommands whitelist in dconfig with default safe commands Validate commands against whitelist before execution Log: add command whitelist validation for notification actions --- .../configs/org.deepin.dde.shell.notification.json | 11 +++++++++++ panels/notification/server/notificationmanager.cpp | 8 ++++++++ 2 files changed, 19 insertions(+) diff --git a/panels/notification/server/configs/org.deepin.dde.shell.notification.json b/panels/notification/server/configs/org.deepin.dde.shell.notification.json index d56239c4d..65f2b8b25 100644 --- a/panels/notification/server/configs/org.deepin.dde.shell.notification.json +++ b/panels/notification/server/configs/org.deepin.dde.shell.notification.json @@ -155,6 +155,17 @@ "description[zh_CN]": "通知自动清理的天数,超过此天数的通知将被自动删除", "permissions": "readwrite", "visibility": "public" + }, + "safeCommands": { + "value": ["xdg-open","dbus-send","qdbus","deepin-defender","dde-control-center","downloader","dde-file-manager","dde-dconfig","/usr/lib/deepin-daemon/dde-bluetooth-dialog","/usr/bin/dde-hints-dialog","/usr/bin/deepin-devicemanager"], + "serial": 0, + "flags": [], + "name": "safe commands", + "name[zh_CN]": "安全指令", + "description": "safe commands", + "description[zh_CN]": "通知扩展的x-deepin-action-携带的指令白名单", + "permissions": "readonly", + "visibility": "private" } } } diff --git a/panels/notification/server/notificationmanager.cpp b/panels/notification/server/notificationmanager.cpp index a929b2db1..4390749e9 100644 --- a/panels/notification/server/notificationmanager.cpp +++ b/panels/notification/server/notificationmanager.cpp @@ -532,6 +532,14 @@ void NotificationManager::doActionInvoked(const NotifyEntity &entity, const QStr if (!args.isEmpty()) { QString cmd = args.takeFirst(); // 命令 + QScopedPointer config(DConfig::create("org.deepin.dde.shell", "org.deepin.dde.shell.notification")); + QStringList safeCommands = config->value("safeCommands").toStringList(); + + if (!safeCommands.contains(cmd)) { + qWarning(notifyLog) << "The command is not allowed to be executed:" << cmd << safeCommands; + return; + } + QProcess pro; pro.setProgram(cmd); pro.setArguments(args);